All posts in Uncategorized

■■■■□ Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections. Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections

■□□□□ Billion-Dollar Bait & Switch: Exploiting a Race Condition in Blockchain Infrastructure. https://mavlevin.com/2026/01/18/flashbots-mev-relay-race-condition-vulnerability

■■■■□ Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks. https://github.com/0xSojalSec/n8n-Red-Blue-AppSec-workflows

■■□□□ Sirius is an open-source comprehensive vulnerability scanner that leverages community-driven security intelligence and automated penetration testing capabilities. https://github.com/SiriusScan/Sirius

4️⃣ The AWS hack, a supply chain ⛓️ attack taking over AWS JavaScript library. Am interesting thread! https://x.com/i/status/2011842613389726109

https://state-of-iranblackout.whisper.security/

⭐️InvisibleJS: A CLI tool to convert JavaScript into an invisible, executable payload using Zero-Width encoding. https://github.com/oscarmine/InvisibleJS.git

■■□□□ United States: A Chinese-linked cyberespionage group targeted U.S. government and policy-related officials with Venezuela-themed phishing emails in the days after the U.S. operation to topple Venezuelan President Nicolas Maduro, cybersecurity researchers said Thursday. https://www.reuters.com/business/media-telecom/chinese-linked-hackers-target-us-entities-with-venezuelan-themed-malware-2026-01-15/

■■■■■ $312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed Javascript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more: https://ysamm.com/uncategorized/2025/01/13/capig-xss.html

■■■■□ Instagram account takeover via Meta Pixel script abuse (Bug bounty – $32,500) by Youssef Sammouda. https://ysamm.com/uncategorized/2026/01/16/leaking-fbevents-ato.html